Lucene search
+L

1497 matches found

Cvelist
Cvelist
added 2026/06/18 4:31 a.m.27 views

CVE-2026-11777 Form Maker by 10Web <= 1.15.43 - Authenticated (Administrator+) SQL Injection via 'name' Parameter

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'name' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supplied parameter and lack of sufficient...

4.9CVSS0.00355EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/06/17 5:23 p.m.10 views

WordPress Tutor LMS – eLearning and online course solution plugin <= 3.9.11 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by s1kr10s - Nayrox in WordPress Plugin Tutor LMS versions = 3.9.11...

4.9CVSS5.9AI score0.00363EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.10 views

Bosch Security Systems IP Cameras Uncontrolled Resource Consumption (CVE-2021-23852)

An authenticated attacker with administrator rights Bosch IP cameras can call an URL with an invalid parameter that causes the camera to become unresponsive for a few seconds and cause a Denial of Service DoS. This plugin only works with Tenable.ot. Please visit...

4.9CVSS5.3AI score0.00825EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.6 views

Bosch Security Systems IP Cameras Improper Input Validation (CVE-2023-39509)

A command injection vulnerability exists in Bosch IP cameras that allows an authenticated user with administrative rights to run arbitrary commands on the OS of the camera. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...

7.2CVSS7.1AI score0.0146EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 12:37 p.m.6 views

BIT-DISCOURSE-2026-45775 Discourse: Cross-site backup access via path traversal in multisite local backups

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a multisite deployment to...

6.8CVSS5.2AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/15 6:50 p.m.40 views

CVE-2026-49954 Discuz! X5.0 Local File Inclusion via enable_disable.php Plugin Directory

Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute. Attackers can trigg...

8.6CVSS0.00525EPSS
Exploits2References3
CVE
CVE
added 2026/06/15 6:50 p.m.23 views

CVE-2026-49954

Discuz! X5.0 (versions 20260320–20260610) is affected by a Local File Inclusion in the enable_disable.php Plugin Directory, exploitable by authenticated administrators. The vulnerability stems from importing a crafted plugin configuration that uses path traversal in the directory attribute; an ex...

8.6CVSS6.3AI score0.00525EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.23 views

PT-2026-49298

Name of the Vulnerable Software and Affected Versions RuoYi version 4.8.2 Description An issue in the code generation module allows an authenticated attacker with administrative privileges to access sensitive database information. This is possible through a SQL Injection in the...

9.8CVSS6AI score0.00393EPSS
Exploits1References3
NVD
NVD
added 2026/06/12 9:16 p.m.16 views

CVE-2026-45775

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, a path traversal vulnerability in Discourse backup handling could allow an authenticated administrator on one site in a...

6.8CVSS0.00323EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 8:25 p.m.24 views

CVE-2026-45775

Discourse, a multi-site capable open-source discussion platform, has a path traversal vulnerability in its backup handling that could let an authenticated administrator on one site access backup files from another site on the same host. Affected version ranges include 2026.1.0-latest up to before...

6.8CVSS5.2AI score0.00323EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/12 4:17 a.m.13 views

CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS0.00299EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/12 2:27 a.m.35 views

CVE-2026-47366

Improper verification of access permissions when modifying permissions through the Administration Control Panel ACP allowed an authenticated administrator to grant permissions beyond the level authorized for their account, resulting in privilege escalation within the administrative interface...

7.2CVSS0.00299EPSS
Exploits0References1
CVE
CVE
added 2026/06/12 2:27 a.m.39 views

CVE-2026-47366

CVE-2026-47366 describes an improper verification of access permissions in the Administration Control Panel . An authenticated administrator could modify permissions and grant rights beyond their authorized level, resulting in privilege escalation within the administrative interface. The document...

7.2CVSS7.1AI score0.00299EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.19 views

PT-2026-48986

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0-latest through 2026.1.3 Discourse versions 2026.3.0-latest through 2026.3.0 Discourse versions 2026.4.0-latest through 2026.4.0 Description A path traversal issue exists in the backup handling of this open-source...

6.8CVSS5.1AI score0.00323EPSS
Exploits0References7
NVD
NVD
added 2026/06/11 8:16 p.m.18 views

CVE-2026-46489

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into eve...

8.1CVSS0.0031EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 6:55 p.m.13 views

EUVD-2026-36303

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, the company logo upload feature accepts any file type without validation. An authenticated administrator can upload an SVG file containing embedded JavaScript. This script is base64-encoded and injected unescaped into eve...

8.1CVSS5.1AI score0.0031EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 6:55 p.m.33 views

CVE-2026-46489

SolidInvoice (open-source invoicing platform) contains CVE-2026-46489: before version 2.3.17, the logo upload feature accepts any file type without validation, allowing an authenticated administrator to upload an SVG containing embedded JavaScript. The script is base64-encoded and injected unesca...

8.1CVSS5.1AI score0.0031EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36134

A cross-site scripting XSS vulnerability in Palo Alto Networks PAN-OS® software enables a malicious authenticated administrator to store a JavaScript payload using the web interface. This issue is applicable to PAN-OS software on PA-Series and VM-Series firewalls and on Panorama virtual and...

4.8CVSS5.2AI score0.00129EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/11 12:32 a.m.12 views

EUVD-2026-36149

A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI or Web UI. The security risk posed...

8.6CVSS5.7AI score0.01373EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/11 12:0 a.m.14 views

SolidInvoice 跨站脚本漏洞

SolidInvoice is an open-source invoice processing application developed by SolidInvoice. Versions of SolidInvoice prior to 2.3.17 contained a cross-site scripting vulnerability. This vulnerability stemmed from the company logo upload feature not verifying file types. As a result, authenticated...

8.1CVSS4.9AI score0.0031EPSS
Exploits0References1
Rows per page
Query Builder